International IT consultancy firm Accenture reportedly suffered a ransomware attack by hacker group LockBit. Bleeping Computer looked into the matter and saw that the attackers are threatening to leak stolen data from the company within hours after posting a notice should the $50M ransom goes unpaid.
According to the notice posted by LockBit 2.0 on August 11, 2021, at 5:30 PM, Accenture had six hours before the group publishes the information.
In the post, the hackers said, “These people are beyond privacy and security. I really hope that their services are better than what I saw as an insider. If you’re interested in buying some databases reach us.”
Bleeping Computer noted that the group had not shown any evidence that they hold stolen data. Moreover, little is known about the attack.
CyberScoop reported that Accenture released an internal memo about the incident on July 30. The memo said, “While the perpetrators were able to acquire certain documents that reference a small number of clients, none of the information is of a highly sensitive nature.”
However, Accenture did tell the breach reporting site that the systems involved have been restored with the help of a backup.
Accenture also said, “Through our security controls and protocols, we identified irregular activity in one of our environments. We immediately contained the matter and isolated the affected servers.”
It added, “We fully restored our affected systems from back-up. There was no impact on Accenture’s operations, or on our clients’ systems.”
Accenture is a global company with operations in around 50 countries. It currently employs 569,000 people across the globe and has clients worldwide. Some of its clients are in technology, energy, telecommunications, government, banks, and automobile industries, just to name a few.
Meanwhile, the hackers are seen peddling the stolen data online. Cybersecurity firm Cyble noted that the group claims to hold six terabytes of Accenture’s data and is demanding $50 million in ransom.
The attackers further claim that they were able to penetrate the company’s system through an “insider” as seen in the threat post.
As for the scope of the attack, Bleeping Computer got information from sources saying that Accenture had verified the attack to at least one computer technology integration (CTI) vendor. The company is also said to be moving to inform affected customers.
A tweet by cybercrime intelligence company Hudson Rock also revealed that there are 2,500 computers related to Accenture that have been compromised. These units are said to belong to employees and partners.
